Posted on 01/15/2025 4:19:20 PM PST by Morgana
The saga of a disturbing hack into Disney World Resort's menu system has finally ended as the man responsible has pled guilty to his crimes.
Michael Scheuer, a former employee at the Florida park, pled guilty to hacking into the company's computer systems and changing their menu items on Friday.
Scheuer was fired from Disney on June 13, 2024, from his role as the park's Menu Production Manager, according to a criminal complaint.
After a 'contentious' firing over misconduct, Scheuer accessed the company's menu system, Menu Creator, from a personal device. He changed fonts, added profanities, altered prices, and inserted hate symbols, prosecutors alleged.
Scheuer also changed employee login information to prevent current staff from accessing the system. He made these alterations first from his employee account which he still had access to and then by hacking the company systems.
Perhaps one of the most dangerous alterations he made was to allergen warnings on certain menu items.
'Namely, the threat actor manipulated the allergen information on menus by adding information to some allergen notifications that indicated certain menu items were safe for individuals with peanut allergies, when in fact they could be deadly to those with peanut allergies,' the complaint read.
Scheuer used a VPN while hacking into the system which encrypts data and hides a user's IP address. He then used his administrator account to create another account under the alias, Emily P. Beaman.
After three months of wreaking havoc on Disney's computer systems. The company eventually noticed the shocking changes and shut down the application for two weeks.
During this period, current employees were unable to access the site. Throughout these three months, Scheuer was also able to shut down staff accounts and attempted to log in to them over 100,000 times, according to the complaint.
(Excerpt) Read more at dailymail.co.uk ...
The information about the VPN is not entirely correct. A VPN can (and usually does) encrypt information between your endpoint and the VPN server, not too unlike an SSL connection.
It does not, however, when using it with a web browser or other internet client, add additional encryption between the VPN server and any other internet endpoint (like a disney extranet site) that they cannot decipher. If that were true, he wouldn’t be able to see their web pages nor would they be able to decipher his requests.
He used a VPN to obscure his source IP address, slowing down the response to find him. I also don’t understand the efficacy of shutting down staff accounts and then trying to log into them 100,000 times. Unless there’s some “we lock your account after X number of failed logins” - style policy, there’s no point in doing that.
This is why.
If they have personal information or files on their work computer they can tell the Tech Support guy which it is and TS guy will pull it for them and burn it to CD or print a hard copy, (which should tell you how long it has been since I fired someone).
The fired one will be walked out of the building to their car. All personal items will be packed up for him and delivered to their home address by FedEx the next day.
This is very basis security.
Based on the amount of demonic anger, rage at complete strangers, with severe possible homicidal intent... $500 says he is a homosexual.
$500. says he’s a homo just because he was working at Disney
“This is very basis security.”
Story sounds fishy as it’s hard to believe that an operation as large as Disney, able to hide mass numbers of pedophiles, would allow a guy they fire to still access their systems.
Probably quite a bit more that we’re not being told here (like he had a helper, perhaps).
That is what is known as a sucker bet.
Couldn’t the person fired claim that you didn’t send him ALL of his personal effects? Sounds like a solvable problem but I have no idea how to do it.
Um, wouldn’t this be attempted murder? Food allergies are no joke.
Either Disney has really bad security, which is possible.
Or, as you suggest, there is more to the story.
This was just unbelievably sloppy. Especially for a multi-trillion dollar corporation.
Next time Polk City, FL Sheriff Grady Judd holds a press conference announcing a child porn or human trafficking bust, take note of how many suspects worked at Dismal World. It’s been 35 yrs since we’ve been to Orlando to pay the Rat and don’t miss it one damned bit.
LOL ๐๐
“Vote for Cuomo, not the homo.”
Sorry, your post just reminded me of that great moment in Democrat campaign history.
When I left my employer of 30 years, my access to the computer systems including employer/employee email was locked out even before the separation process began, as I was on extended vacation and hadn’t logged in for over 10 days when I decided to retire.
In order to keep my access, I was required to log in every 8 days even from remote locations. I didn’t, and that would not have been a big deal if I went back, as IMIT had no problems with re-enabling legitimate requests, but system security was paramount.
Hospital physical plant setting, for those curious.
I’ve been fired several times. In no instance did I ever lift a finger to sabotage my (former) employer. In my last firing, I was teleworking, and instead of being a whiny b*tch, I simply UPSed my lap top back to headquarters and mailed my badge to my boss.
You might want to make sure they're off any messaging accounts too. For 2 years after I retired I received notices of every staff meeting, get together, special day off, extra work shift, etc. I didn't bother telling anyone because the woman in charge was an overpaid know it all and I thought it was funny that she couldn't tend to basic maintenance of the message logs.
I included that, in a roundabout way, in my report.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.